OT Security Engineer
Trans Bay Cable (Energy Infrastructure Subsidiary of NextEra Energy)
- Integrated and enforced Purdue Model network segmentation across Levels 2–5, protecting OT/ICS assets and isolating operational environments from corporate networks in alignment with NERC CIP-005 ESP requirements.
- Deployed and administered Check Point firewalls managing 250+ rules and RBAC policies to enforce segmentation aligned with NERC CIP requirements across IT/OT environments.
- Maintained NERC CIP-005 firewall rule governance by documenting business justifications and source references for each permitted rule, supporting audit-ready evidence for compliance reviews.
- Configured firewall rules and Active Directory integration to support the Dragos deployment, enabling passive OT-specific threat detection and monitoring across segmented control and DMZ networks.
- Hardened the ICS Active Directory environment by enforcing least-privilege policies and restricting administrative access to critical control systems.
- Designed a secure remote execution pathway between segmented networks using Just Enough Administration (JEA) for PowerShell.
- Triaged SIEM alerts in Tripwire Log Center by correlating firewall, endpoint, and OT system logs to assess operational impact and validate or dismiss threats within ICS environments.
- Deployed Trend Micro Apex One across Windows-based endpoints in ICS and DMZ networks, enhancing endpoint visibility and malware protection within segmented OT environments.